Having an ironclad firewall for your dedicated server is only part of the equation when it comes to security. Certain ports on your server must remain open in order for it to function, and any open port is a potential target for would-be attackers. Port 80, the standard HTTP port used by Apache, is a prime example. Since your web server is obviously exposed to the web, attackers will look for any weakness they can find, and they will start with the common ones. Here are 4 tips that should take away some of those common avenues for intrusion.
1. Run Apache under its own user
Although some Linux distributions run Apache under the user “nobody”, this can become a security concern. If the user nobody also runs other services, and those services become compromised, Apache could be a secondary casualty.
2. Use mod_security
While a network firewall may not do much to protect your web server, an application firewall, such as ModSecurity, can do wonders. I can testify from personal experience that it really does reduce the opportunities for attackers to find exploits, particularly in web applications.
3. Disable unneeded modules
If you do not need a particular module, it is safer to just disable it. This can also help you increase performance and free up memory.
4. Keep your packages up to date
It sounds simple, but this is one of the biggest problems server admins face. They fail to keep their software updated and get hit with an exploit that was patched months ago. Run regular updates and regularly check for any security exploits that may affect you.
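A quick way to check tips 1 to 3 against a configuration file is sketched below. It is an added example, not part of the original article. The sample config and the module allowlist are constructed for illustration, and it assumes ModSecurity 2.x, which loads as `security2_module`.

```shell
#!/bin/sh
# Constructed sample config for illustration (not from a real server).
SAMPLE_CONF='# constructed sample httpd.conf
User nobody
Group nobody
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
LoadModule security2_module modules/mod_security2.so'

# Hypothetical allowlist: the modules this site actually needs.
ALLOWED_MODULES="rewrite_module security2_module"

# Print the effective (last uncommented) User directive; config on stdin.
apache_user() {
    awk 'tolower($1) == "user" { u = $2 } END { print u }'
}

# Tip 1: succeed only if Apache has its own account, i.e. the User
# directive is set and is neither root nor the shared "nobody" account.
has_dedicated_user() {
    case "$(apache_user)" in
        ""|root|nobody) return 1 ;;
        *) return 0 ;;
    esac
}

# Tip 2: succeed if an uncommented LoadModule line loads ModSecurity.
modsecurity_loaded() {
    awk 'tolower($1) == "loadmodule" && $2 == "security2_module" { f = 1 }
         END { exit !f }'
}

# Tip 3: print loaded modules missing from the allowlist in $1, one per line.
unneeded_modules() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        tolower($1) == "loadmodule" && !($2 in ok) { print $2 }'
}

# Run the three checks against the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | has_dedicated_user ||
    echo "WARN: Apache runs as shared or privileged user '$(printf '%s\n' "$SAMPLE_CONF" | apache_user)'"
printf '%s\n' "$SAMPLE_CONF" | modsecurity_loaded || echo "WARN: ModSecurity not loaded"
printf '%s\n' "$SAMPLE_CONF" | unneeded_modules "$ALLOWED_MODULES" | sed 's/^/REVIEW module: /'
```

On a real server, pipe the main configuration file into the functions instead of the sample. Debian-style layouts set the account through `APACHE_RUN_USER` in the envvars file, so the `User` line there holds a variable reference rather than a name.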